Sophos has just soft-released 9.707 today, fixing theese issues, here is from release notes:
We’ve just released UTM 9.707. As usual, the release will be rolled out in phases:
- In phase 1 you can download the update package from our download server.
- During phase 2 we will make it available via our Up2Date servers in several stages.
- In phase 3 we will make it available via our Up2Date servers to all remaining installations.
Up2date information
News
- Maintenance release
- Security release
Remarks
- System will be rebooted
- Configuration will be upgraded
Issues resolved
- NUTM-12550 [Access & Identity] Replace deprecated option in SSLVPN client config
- NUTM-12310 [Email] SPF checks incorrectly occurring when multiple upstream hosts are configured in an availability group
- NUTM-12672 [Logging] IPFIX does not switch source and destination ports between inbound and outbound side of flow
- NUTM-12749 [Basesystem] Update bzip2 to address CVE-2019-12900
- NUTM-12590 [Basesystem] Patch OpenSSL against CVE-2021-23840 & CVE-2021-23841
Remark, the “NUTM-12550 [Access & Identity] Replace deprecated option in SSLVPN client config” contains this change:
They replaced the deprecated command-line option --tls-remote with the update option --verify-x509-name in OpenVPN client config files.
This updated option has been supported in OpenVPN since version 2.5.3, released in 2013. Continuing to use the older option generates warnings during connection.
Source: (4) UTM Up2Date 9.707 Released – Release Notes & News – UTM Firewall – Sophos Community